This document, together with our AML & Sanctions Compliance Policy, Acceptable Use Policy, Privacy Policy, and any other terms you may be required to accept during your use of our services as a Client, serves as legal documentation provided by Cordarium Services, trading as Cordarium (referred to herein as "Us", "We", "Our"). It delineates the legal terms and conditions under which we may purchase the rights to your Digital Goods, produced by you, and reserves our right to resell these Digital Goods. As the Client, you provide access to information about Digital Goods on the Webstore page in the simplest form for your convenience. We retain the right to offer services to Clients, recognized as rights-owners of digital goods, for online games ("You", "Client").

By registering for our services as a Client, you acknowledge that you accept this Agreement and agree to be bound by its terms. Please review these Terms carefully and ensure that you understand them before using Cordarium. Note that prior to accessing the Services, you will be required to consent to these Terms. If you decline to accept these Terms, you are not permitted to use the Services.

We reserve the right to amend these Terms periodically as outlined in clause 13. We advise you to regularly check this page to stay informed about and understand the terms applicable at any given time.

These Terms, along with any contracts between us, are only available in the English language.

1. Information about Us, Partners and Third-Parties

1.1 Filip Chromý, operates Our website, all Webstores, and the Application for Checkout. Our registered office is located at Pomněnková 437, Trutnov, Czech Republic.

1.2 As the Payment Processor for Checkout and Withdrawal Services, We utilize our Partner - Cryptomus.com, operated under XELTOX ENTERPRISES LTD. Cryptomus.com is registered as a Money Service Business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) under registration number M22649585.

1.3 We have no affiliation with Tebex Limited in any way, shape or form.

1.3.1 Tebex Limited does not engage in Payment Processing, and funds never pass through Tebex Wallets in any capacity.

1.3.2 We utilize the Tebex Public API (Headless API) of Webstores to retrieve data regarding your Digital Goods and facilitate order delivery to your Game Server. These operations are conducted with official authorization from Tebex Limited.

1.3.3 Please note that there is no need to contact Tebex Limited regarding Payment Processing issues or any other matters related to Cordarium Services.

1.4 You may contact Cordarium via email at [email protected] or through any other available means. If You intend to provide Us with formal notice under these Terms, please refer to Clause 16.

2. Access to Cordarium Services

2.1 Upon approval of Your application to use Cordarium Services, You will be granted access to the Service until the Agreement is terminated (defined in clause 9 below).

2.2 Your access will commence on the date of approval of Your application and will remain active until either You or We terminate the Agreement in accordance with these terms.

2.3 We reserve the right to reject any application to use Cordarium Services at Our discretion.

2.4 We retain the authority to suspend or terminate Your access at Our discretion and for any reason. However, if Your access is suspended or terminated due to a breach of these Terms, no funds (or crypto-funds) will be released.

3. Our interaction with You

3.1 By using our services, you grant us a limited, revocable, worldwide license to utilize your:

• Name
• Logo
• Trademarks
• Other images, wordmarks, and associated written, graphical, or audio content

(collectively referred to as "Assets") for the sole purpose of promoting your Digital Goods we purchase from you for resale.

3.2 You furnish us with information regarding Digital Goods in the most convenient manner for you, such as through interaction with the Public API of any presently supported Webstore Providers (such as Tebex or MineStoreCMS).

3.3 "Digital Goods" encompass any digitally crafted and distributed products, including but not limited to in-game items (such as ranks, swords, cosmetics, etc.), modifications, maps, plugins, texture packs, and similar content designed to enhance or expand interactive digital experiences. This definition extends to any associated services such as game server hosting and analytics platforms. It also includes use licenses ("Licenses") permitting the use of such Digital Goods, as acquired and sold by us under a reseller agreement.

3.4 It is clarified that when we sell Digital Goods purchased from you, no contractual relationship is established between you and the Buyer. All sales contracts are formed directly between us and the Buyer, and you agree not to issue any invoices or demand payment from any Buyer to whom we have sold Digital Goods.

3.5 We directly do not delivery any Digital Goods by using our Services on your Game Server, however we are trying to provide seamless process to delivery Digital Goods by using Public API (such as Tebex Plugin API and MineStoreCMS API).

3.6 Funds (cryptocurrency) are transferred directly to your Cordarium Wallet. You are accountable for the funds received from customers from the moment of the transaction. It is imperative to acknowledge that Cordarium assumes no responsibility for funds stored in your Cordarium Wallet. In the event of any accident (such as a cyber attack, unforeseen server damage, or any other force majeure circumstance), access to funds may be restricted. However, we affirm our commitment to diligently mitigate such occurrences.

3.6.2 It is strongly advised to perform daily withdrawals of funds (cryptocurrency) from your Cordarium Wallet.

4. Your responsibilities, representations and warranties

You affirm and assure Us that:

4.1.1 You provide us Yours and valid API keys to access the data about your Digital Goods.

4.1.2 You hold ownership of all Digital Goods offered for sale to Us or possess the legal authority to vend such Digital Goods to Us.

4.1.3 The Digital Goods conform to Our Acceptable Use Policy, are defect-free, suitable for their intended purpose, and do not infringe upon any third-party rights, including Intellectual Property Rights.

4.1.4 There exist no actions, legal proceedings, or intentions that would impede Your business operations or restrict Our Buyers' access to the Games intended for use with the Digital Goods We purchase from You.

4.2 Your enhanced familiarity with the specifics of the purchased Digital Goods, You consent to Our suggestion that Customers seek certain types of support directly from You. Recognizing that most Customers will not require assistance, and that We will directly support others, You acknowledge that providing such support is incidental and without inherent value, thus provided by You free of charge.

4.3 You confirm that all products are accurately described, reasonably priced, and properly linked with commands instructions to the API Service Provider.

4.4 In the event of any changes to Your business status or any reasonable anticipation of such changes, whether concerning this Clause 4 or any other aspect materially affecting Your ability to offer Digital Goods for sale to Us, provide support to Us, or enable Our Buyers to utilize the purchased Digital Goods, You shall promptly notify Us in writing and withdraw all Digital Goods offered for sale to Us.

4.5 You agree to sell Us all Digital Goods and Licenses on a “Sale Only” basis, granting Us permission to do not provide any refunds or returns to Your Customers.

4.6 It is clarified that if circumstances, including but not limited to technical glitches, network disruptions, or force majeure, prevent Us from processing payment from a customer, no sale shall be deemed to have occurred, and We shall have the discretion to return Digital Goods in accordance with Clause 4.5.

4.7 In accordance with Clauses 3.6 and 3.6.2, you acknowledge and accept Your responsibilities concerning the Funds (cryptocurrency) and Cordarium Wallet Services.

5. Responsibilities of Cordarium

Our Obligations:

5.1 Cordarium shall develop and manage an application ("Cordarium Application," accessed via https://app.cordarium.com/) that showcases technical information about Your API keys to the Public API Service Provider (i.e. MineStoreCMS, Tebex Limited). This application facilitates access to information about your Digital Goods from third-party platforms and enables the creation of Digital Goods delivery requests.

5.2 Cordarium retains the sole discretion to purchase digital goods from You when we determine there is a reasonable likelihood of making a sale to a buyer. We are not obligated to purchase any minimum or maximum quantity of Digital Goods from You.

5.3 Cordarium may provide you with access to the Cordarium Application Dashboard, allowing you to update API Keys Data to access Your Digital Goods.

5.4 Cordarium does not handle taxes nor directly participate in the payment process. Payments are processed by Our partner, the Payment Processor Provider - Cryptomus.com.

5.4.1 For clarity, Cordarium is a SaaS (Software as a Service) product that allows Your customers to generate a payment link to pay for Customers Digital Goods using cryptocurrency through Cryptomus.

5.5 For clarity, Cordarium is not obligated to payout (withdraw) Your funds at any moment in time.

5.5.1 If the Cordarium system detects suspicious activity based on your account's risk factor and transaction activity, we reserve the right to revoke any access to funds stored in your Cordarium Wallet.

5.5.2 According to Clauses 4.6, 3.6, and 4.7, if a Force Majeure situation occurs (e.g., cyber-attack, server damage, etc.), we are not obligated to withdraw any funds. As stated in Clause 4.6, you are responsible for any type of funds in your Cordarium Wallet and their availability for withdrawal.

5.6 Cordarium will only use your personal information in accordance with our Privacy Policy. Please review our Privacy Policy carefully, as it contains significant terms applicable to you.

6. Calculation of the Transaction Price

6.1 Cordarium shall apply the Total Price as received from the Public API Service Provider (i.e. Tebex or MineStoreCMS), including of VAT taxes and any other applicable additional fees associated with the Transaction payment.

6.2 You acknowledge and agree that We may a portion of monies due to You (a "Transaction") as a form of risk mitigation. We undertake to review the Transaction level on at least a monthly basis and provide You with guidance on how to reduce Your Transaction level upon request.

6.2.1 You acknowledge that any Transaction is not time-limited and will only be reduced by Us as part of Our review process when We are satisfied that the risk has been reduced to a satisfactory level.

7. Processing Customers Data

Background

7.1 This Clause 7 details the procedures and obligations of both parties in processing the personal data of Customers who purchase Digital Goods from Us, which have been created by You.

Definitions

7.2 In this Clause 7, the following terms shall have the meanings assigned to them:

7.2.1 "Controller," "Data Subject," "Personal Data," "Processor," and "processing" shall carry the respective definitions provided under the applicable Data Protection Laws. Related expressions, including "process," "processing," "processed," and "processes," shall be construed accordingly. The terms "international organisation" and "Personal Data Breach" shall hold the meanings ascribed to them in the GDPR Policy;

7.2.2 "Data Protection Laws" refers to any applicable legal framework governing the processing, privacy, and use of Personal Data, binding on either party or the Services, including but not limited to: (a) Directive 95/46/EC (Data Protection Directive) and/or the Data Protection Act 1998 or the GDPR; (b) Any laws implementing such regulations; (c) Any legislation that replaces, extends, re-enacts, consolidates, or amends the aforementioned laws; and (d) All guidelines, codes of practice, and codes of conduct issued by any relevant supervisory authority relating to these Data Protection Laws (whether or not legally binding);

7.2.3 "GDPR" means the General Data Protection Regulation (EU) 2016/679;

7.2.4 "Protected Data" signifies Personal Data received from Us or on Our behalf in connection with Your obligations under these Terms and/or the Contract;

7.2.5 "Sub-Processor" denotes any agent, subcontractor, or third party (excluding employees) engaged by You for carrying out any processing activities on Your behalf concerning the Protected Data; and

7.2.6 "supervisory authority" means any regulatory authority responsible for enforcing Data Protection Laws.

Compliance with Data Protection Laws

7.3 Both parties acknowledge that We act as a Controller, and You as a Processor, concerning the Protected Data processed under these Terms and/or the Contract. You shall, and shall ensure that Your Sub-Processors and personnel will, comply with all Data Protection Laws concerning the processing of Protected Data and shall not cause Us (or any other entity) to breach any Data Protection Laws through any act or omission. These Terms and/or the Contract do not absolve You of Your responsibilities or liabilities under Data Protection Laws.

7.4 You shall indemnify Us and keep Us indemnified against:

7.4.1 All losses, claims, damages, liabilities, fines, interest, penalties, costs, charges, sanctions, expenses, compensation paid to Data Subjects (including ex gratia payments), demands, and legal and professional costs (calculated on a full indemnity basis) arising from any breach by You of Your obligations under this Clause 7; and 7.4.2 Any amounts paid or payable by Us to a third party that would not have been paid or payable if not for Your breach of this Clause 7.

Instructions

7.5 You shall only process the Protected Data in accordance with Schedule 1, these Terms, the Contract, and Our written instructions, except where required by applicable law (in such cases, you must inform Us of that legal requirement before processing unless prohibited on important public interest grounds). You shall immediately inform Us if any instruction concerning the Protected Data infringes or may infringe any Data Protection Law.

Security

7.6 You shall implement and maintain appropriate technical and organisational measures to protect Protected Data against accidental, unauthorised, or unlawful destruction, loss, alteration, disclosure, or access. These measures shall at least equal the technical and organisational measures outlined in Part B of Schedule 1 and reflect the nature of the Protected Data.

Sub-Processing and Personnel

7.7 You shall:

7.7.1 Not allow any Protected Data to be processed by any agent, subcontractor, or third party (excluding Your employees who are bound by enforceable confidentiality obligations) without Our prior specific written consent for each Sub-Processor, and under conditions We may specify;

7.7.2 Restrict access to Protected Data to authorised personnel who require such access to perform the services;

7.7.3 Ensure that, before any Sub-Processor begins processing Protected Data, they are bound by a written contract that imposes obligations equivalent to those under this Clause 7, enforceable by You, and that they comply with these obligations;

7.7.4 Accept full liability to Us for all actions and omissions of each Sub-Processor as if they were Your own actions and omissions; and

7.7.5 Ensure that all personnel authorised to process Protected Data are reliable, adequately trained in compliance with this Clause 7, informed about the confidential nature of the Protected Data, bound by enforceable confidentiality agreements, and provide Us with relevant details and copies of each Sub-Processor agreement upon request.

7.8 At no cost to Us, You shall promptly (within 72 hours of receipt) record and refer all requests and communications from Data Subjects or supervisory authorities concerning Protected Data to Us. You shall not respond to any such requests or communications without Our express written consent and shall strictly adhere to Our instructions unless legally obligated to do otherwise.

International Transfers

7.9 You shall not transfer Protected Data outside the EU or to any international organisation (as defined in the GDPR) without Our prior written consent and only if the following conditions are satisfied:

7.9.1 Transfers to third countries lacking adequacy decisions are conducted in accordance with Our Standard Contractual Clauses, available at GDPR-SSC;

7.9.2 You adhere to Data Protection Laws by providing an adequate level of protection for the transferred Protected Data or assist Us in ensuring such protection;

7.9.3 The Data Subject retains enforceable rights and access to effective legal remedies;

7.9.4 Appropriate safeguards are implemented for the transfer in accordance with GDPR Article 46 or LED Article 37, as determined by Us.

7.10 You acknowledge that: 10.11.1 In providing Cordarium, We use a server located in the Germany; and 10.11.2 In providing other services, We may share limited data with Partners (i.e. Cryptomus).

Breach

7.11 You must promptly notify Us within 24 hours if You, any Sub-Processor, or any of Your personnel suspect or become aware of any actual, suspected, or potential Personal Data Breach involving Protected Data. In such an event, You shall provide all necessary information for Us to fulfill our obligations to report the breach to supervisory authorities and to notify affected Data Subjects. Additionally, You shall take immediate steps to mitigate and rectify the breach, including removing any exposed data and implementing measures to prevent further incidents.

Deletion/Return

7.12 Upon Our written request, You shall promptly and securely delete or return all Protected Data in the format specified by Us, immediately after the earliest of the following events: 7.12.1 The conclusion of the services related to the processing of such Protected Data; or 7.12.2 The point at which the processing of Protected Data is no longer necessary for the provision of support. Furthermore, You shall ensure the secure deletion of any remaining copies, except where retention is mandated by law, in which case You must inform Us of the legal requirement for such retention.

7.13 The provisions of this Clause 7 shall remain in effect even after the termination or expiry of the Contract.

Remedial Measures

7.14 Should there be any failure to adhere to the stipulations outlined in this Clause 7, we reserve the right to take necessary actions to safeguard the integrity of the data. This may involve revoking your access to data, withdrawing processing instructions, or unilaterally terminating the Contract without prior notice.

Bearing of Expenses

7.14 You are obligated to fulfill all duties delineated within this Clause 7 without imposing any costs on us.

8. Contract Formation between You and Cordarium

8.1. Application for Service includes: (a) To access and utilize the Service, you ("User") must submit a formal application ("Application") through either our designated website or via written email communication ("Email Application") addressed to us ("Company"). (b) During the Application process, the User is obligated to thoroughly review and acknowledge all presented details concerning the Service, including any associated costs, at each respective stage.

8.2 Upon successful submission of the Application, the Cordarium shall transmit a confirmation email ("Confirmation Email") or if OAuth Providers are used, then we count the User as agreed with clauses of the contract and signifying the acceptance of the Application. This exchange shall constitute the formation of a binding contractual agreement ("Contract") between the User and the Company.

9. Client Account Cancelation & Termination

9.1 You are solely responsible for properly canceling your account.

9.2 You can cancel your account at any time, but we do not offer (partial) refunds for the excess time your license remains active upon cancelation.

9.3 Cordarium has the right to suspend or terminate your account and refuse any and all current or future use of the Service, for any reason at any time.

10. Cordarium right to vary these Terms

10.1 We reserve the right to modify these Terms and associated Service descriptions at any time by publishing updates on our website or notifying you via email. Your continued use of the Service following such modifications constitutes your acceptance of the revisions.

10.2 You may terminate this Agreement in accordance with Clause 9 if you disagree with the modifications.

11. Use of the Service & Your account

Authorization and Account Creation

11.1 By entering into this Agreement, you are authorized to engage in the resale of our Digital Goods subject to the following terms and conditions:

11.1.1 You are required to create an Account on our platform, providing accurate personal information, configuring withdrawal wallets, enabling 2FA Authorization, and any other necessary actions.

11.1.2 You have access to view information, statistics, and other pertinent data regarding purchases, including graphical representations.

11.1.3 You have the capability to establish Webstores, facilitating the submission of data pertaining to your Digital Goods through the simplest means available to you. This may involve utilizing API Keys provided by Third-Party providers (e.g., Tebex Limited, MineStoreCMS) for each of your Game Webstores.

11.1.4 You hereby affirm that you have attained the legal age stipulated by the laws of your country or are older.

Content Upload Tools

11.2 We furnish you with tools to upload the following content:

11.2.1 Essential information regarding your Gaming Webstore, such as logos, server names, and more.

11.2.2 Necessary details about yourself or your business activities, including KYC ("Know Your Client") and KYT ("Know Your Transaction") information.

11.2.3 Attachments to tickets that are compliant with our Acceptable Use Terms and directly pertinent to the ticket in question.

Content Standards and Restrictions

11.3 Prohibited Content: You are strictly prohibited from uploading any Digital Goods or associated assets that:

11.3.1 Are illegal or contravene any applicable laws.

11.3.2 Are objectionable, misleading, false, or defamatory.

11.3.3 Are obscene, threatening, or otherwise harmful.

11.3.4 Infringe upon the intellectual property rights of any third party.

11.4 Copyright and Trademark Protection: You acknowledge our ownership of all copyrights, trademarks, and other proprietary rights associated with the Service. You agree not to:

11.4.1 Copy, reproduce, publish, distribute, translate, or modify the Service (or any part thereof) without our prior written consent.

11.4.2 Create derivative works based on the Service.

11.4.3 Disassemble, decompile, reverse engineer, or otherwise attempt to discover the source code of the Service.

11.4.4 Remove, obscure, or alter any copyright notices, trademarks, or other proprietary rights affixed to or within the Service (such as Pay buttons on the Widgets).

11.4.5 Attempt to identify vulnerabilities unless explicitly granted official permission by us.

12. Our provision of the Services

12.1 Service Uptime: We will use commercially reasonable efforts to maintain the Service's availability; however, technical issues may cause temporary interruptions.

12.2 No Refunds for Downtime: You are not entitled to a refund or compensation for lost revenue due to service interruptions.

12.3. Content Management: We reserve the right to add, remove, modify, or otherwise manage the content available on our website at any time without prior notice. We have no obligation to provide any specific content for the Services.

13. Intellectual Property Ownership and Use

13.1. Intellectual Ownership: All intellectual property rights associated with Our website, the Services (exclude Payment Processing and Digital Goods Delivery), and content we provide belong to Us. This includes any rights existing now or created in the future, as well as goodwill.

13.2. Limited License Grant: We grant you a non-exclusive, revocable license with limitations. This license allows you to use, view, access, download, or print content provided through the Services.

13.3. Copyright and Trademark Notices: When using, transmitting, downloading, or printing any content, you must ensure all copyright, trademark, and other proprietary notices within that content remain intact.

13.4. License Restrictions:

13.4.1 You cannot assign or sub-license your rights under this License.

13.4.2 You must comply with the terms applicable to any open-source software we provide access to.

13.5 Your License does not permit you to:

13.5.1 Copy, adapt, reverse engineer, decompile, or disassemble any of our source code.

13.5.2 Copy, adapt, or modify any of our trademarks.

13.5.3 Use any of our trademarks outside the scope of the Services or authorize anyone else to do so without our prior written consent.

14. Limitations of Liability and Indemnity

14.1 Our Excluded Liability: This Agreement does not limit our liability for:

• Death or personal injury caused by Our negligence
• Fraud or fraudulent misrepresentation; or
• Any other losses or liabilities that cannot be lawfully excluded by these Terms or law.

14.2. Limitations on Our Liability: Subject to the exceptions above, we will not be held liable for any of the following, regardless of the legal theory (contract, tort, breach of statutory duty, etc.):

• Loss of profits, sales, business, or revenue.
• Loss or corruption of data, information, or software.
• Loss of business opportunity or anticipated savings.
• Loss of funds (cryptocurrency) stored within Your Cordarium Wallet in the event of unforeseen occurrences (such as a cyber attack, server damage and others), as outlined in Clause 5.5.2, subject to the provisions herein.
• Unauthorized access to Your Gaming Servers (resulting from a cyber attack or any other form of unauthorized access).
• Loss of goodwill.
• Indirect or consequential losses. 14.3. Maximum Liability Cap: Notwithstanding anything else in this Agreement, our total liability to you, under any legal theory, will not exceed One Hundred Euros (€100).

15. Your Responsibilities and Indemnity:

15.1 You are solely responsible for complying with all applicable laws and regulations, including those related to the Digital Goods and Assets You provide to Us. We will not be liable for any losses arising from Your non-compliance.

15.2 Your full responsibility regarding Funds (cryptocurrency) stored at Your Cordarium Service Wallet ("Cordarium Wallet").

15.2.1 Your acknowledgment of Our advice and recommendations regarding the use of Cordarium Wallet (as mentioned in Clauses 4.6, 3.6, 4.7, and 5.5.2).

15.3 You agree to indemnify Us for any liabilities, costs, expenses, damages, or losses (including legal fees) that we incur due to:

15.3.1 Your breach or non-performance of this Agreement.

15.3.2 Any claim that Your use of the Services or the Assets you provide infringe on a third party's intellectual property rights.

15.3.3 Any claims from third parties related to the Digital Goods You sell to us.

15. Disclaimer of Warranties: Except as expressly stated in this Agreement, we make no representations, warranties, or guarantees regarding the Services. We exclude all implied warranties or conditions to the fullest extent permitted by law. This specifically includes any warranty that the content provided through the Services is suitable for your purposes.

16. Our Contacts

16.1 You able to officially contact us by using our official email [email protected] or Cordarium Services Ticket System.

17. Confidential Information and Other Important Terms

17.1. Confidential Information: Any non-personal information or material (excluding financial information) You send to Us is considered non-confidential. By submitting such information, You grant Us an unrestricted, irrevocable license to use, reproduce, display, modify, transmit, and distribute those materials. You also agree that we can freely use any ideas, concepts, know-how, or techniques You send Ss for any purpose. However, we will not:

• Release Your name or publicize that You submitted materials to Us without your permission.
• Use materials with Your name attached without prior notification.
• Disclose the information unless legally required to do so.

Transfer of Rights and Obligations

17.2 We may transfer Our rights and obligations under this Agreement to another organization, but this will not affect Your rights or Our obligations.

17.3 You may only transfer your rights or obligations under this Agreement to another person with our prior written consent.

Third-Party Rights

17.4 This Agreement is between You and Us. No other person has the right to enforce any of its terms under any applicable law.

17.5. Severability: If any provision of this Agreement is found to be unlawful or unenforceable, the remaining provisions will remain in full force and effect.

17.6. Waiver: Our failure to enforce any provision of this Agreement or our delay in doing so will not constitute a waiver of that provision. Any waiver must be in writing and will not apply to any subsequent breach.

17.7 Governing Law and Dispute Resolution: This Agreement and any disputes arising from it will be governed by and construed in accordance with the laws of Czechia. We both agree that the Czech courts will have exclusive jurisdiction to settle any such disputes.

Schedule 1: Data Protection

This Schedule details the processing of your data ("Protected Data") in accordance with the Data Protection Laws.

Part A: Data Processing Details 1. Subject Matter: We will process Your Protected Data to provide support as defined in this Agreement. 2. Duration: Processing will continue for the lifetime of the Contract. However, We may restrict access to some data after a reasonable period if it's no longer necessary for support purposes. 3. Purpose: We will use Your Protected Data for the following purposes:

• Providing support as defined in this Agreement. 4. Data Types: We will process the following types of your Protected Data:
• Name
• Email Address
• In-game Username
• IP Address 5. Data Subjects: This processing applies to Buyers who have purchased your Digital Goods from Us.

Part B: Security Measures You are obligated to implement and maintain technical and organizational security measures to protect the Protected Data, following Data Protection Laws. These measures should consider:

• Current technological advancements
• Implementation costs
• The nature, scope, context, and purpose of data processing
• Potential risks to the rights and freedoms of individuals
• The likelihood and severity of such risks

These measures should be appropriate to the identified risks and may include those outlined in Articles 32(a) to 32(d) of the GDPR (EU General Data Protection Regulation). These articles cover aspects like:

• Pseudonymization and encryption of personal data
• The ability to restore access to personal data in a timely manner in case of a physical or technical incident
• A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures
• The ability to ensure the confidentiality, integrity, availability, and resilience of processing systems and services